Cybersecurity at the post-grad level

By William Jackson

Jul 28, 2011

George Mason University has added a multidisciplinary Master of Science degree in management of secure information systems to its offerings, joining a growing number of universities making cybersecurity a part of their curricula..

“This isn’t just a technical cybersecurity program,” said Daniel Menasce, a senior associate dean and computer science professor in the Volgenau School of Engineering. “Cybersecurity is not just a technical problem, it is also a policy and management problem.”

The program, recently approved by the State Council of Higher Education in Virginia, will begin in the spring semester and will be a cooperative effort of the university’s schools of engineering, management and public policy.

Implementing an effective cybersecurity program requires a lot of internal management across departments, and that is where many security programs fail, said Menasce, a member of the program’s steering committee.

“Attacks succeed because of a lack of awareness at the executive level,” he said. The premise of the program is that security cannot be left solely to the geeks. Executives must understand what the technology can do. They will not be configuring routers and firewalls, but must manage the teams that do.

The growing demand for cybersecurity professionals and the shortage of trained personnel has led to a number of public/private initiatives to identify students with the proper interests and abilities in high school or even earlier and to provide them with educational opportunities and career paths.

Colleges and universities have offered computer science programs since the days of punch cards, but the integration of computer science with security, law, law enforcement, public policy and all things cyber is only just getting under way.

At the university level, the National Security Agency and the Homeland Security Department have established the National Centers of Excellence program to identify and support schools with information assurance education and research programs. Students attending designated schools are eligible for scholarships and grants through the Defense Department’s Defense Information Assurance Scholarship Program.

GMU and the University of Maryland, Baltimore County are National Centers of Excellence for both education and research. University of Maryland University College has established three cybersecurity degree programs to help fill the demand for tens of thousands of professionals in Maryland, which is home not only to the NSA but also to the Pentagon’s new Cyber Command.

Menasce said the new GMU program is the first of its kind in the Washington area. Although there are other MBA programs that include some information security component, they do not focus on the technology. But this is not a computer science degree. GMU offers a master’s in information security and assurance, and the management program will not compete with that.

“There is no requirement to have technology expertise to come into the program, because it is self-contained,” Menasce said. It is intended to give executives the technical background to communicate on cybersecurity issues. “They have to be able to speak the language,” he said. “If you don’t know what you’re talking about you are going to be failing.”

It is a cohort program with no electives and the entire class will work together through the period, and will be taught on Saturdays over a 14-month period. The degree will require 36 credits: 15 credits in technical subjects from the engineering school, 12 credits from the management school, four credits in public policy, two credits for a one-week residency abroad, and three credits for a capstone project on which all students will collaborate.

The application period for the first class, which begins in January, closes Oct. 1. Menasce said the class will include 25 to 30 students.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

FCW investigated efforts by the departments of Defense and Veterans Affairs to improve a joint data repository on military and veteran suicides. Something as impersonal and mundane as incomplete datasets could be exacerbating a national tragedy.

The National Information Exchange Model's usefulness extends far beyond its origins in justice and law enforcement.

Reader comments

Thu, Jul 28, 2011

Since this reads as a commercial, I'll throw in some marketing....we need more people who can deploy secure systems and less bean counters who think they know what they are doing. if you want a good well rounded IA Masters go to Capitol College...I can teach a good IA person how to lower the total cost of ownership of IA efforts 10 times fater then I can teach an MBA person how to tie their shoes

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.